20010013 



17 



1 

2 What is claimed is: 
3 

4 1 . A method for providing a switch user functionality in a server-agent 

5 environment in an information technological (IT) network in which at least one 

6 agent runs on a node of the IT network, comprising: 

7 generating a switch user (SU) certificate using public-key cryptography 

8 upon receiving a request to switch from a user account presently used on the 

9 node to another user account; 

10 sending the SU certificate to the agent; 

11 checking the correctness of the SU certificate; 

12 performing the requested switch to the other user account provided that 

13 the SU certificate is correct. 
14 

15 2. The method of claim 1 , wherein the server-agent environment 

16 comprises a network management server and wherein the agent is management 

17 agent running on a managed node. 
18 

19 3. The method of claim 1, wherein the SU certificate is generated by a 

20 designated server. 
21 

22 4. The method of claim 1, wherein the agent forwards the received SU 

23 certificate to a domain controller which checks the correctness of the SU 

24 certificate and allows the agent to perform the requested switch user. 
25 

26 5. The method of claim 1, wherein a private and public key pair is 

27 available before the method begins. 
28 

29 6. The method of claim 5, wherein the public key is made public within 
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1 the network or within a domain of the network in which the correctness of the 

2 SU certificate is checked. 
3 

4 7. The method of claim 5, wherein the generation of the SU certificate 

5 comprises signing an SU document with the private key and wherein the 

6 checking of the SU certificate comprises verifying the signature with the public 

7 key. 
8 

9 8. The method of claim 1 , wherein the step of checking the correctness 

10 of the SU certificate comprises verifying that the SU certificate originates from a 

11 designated server and has not been modified. 
12 

13 9. The method of claim 1, wherein the SU certificate contains no 

14 password relating to the account to which the switch is to be performed. 
15 

16 10. The method of claim 1, wherein the SU certificate comprises the 

17 account name to which the account is to be switched and an identification of 

18 the node for which the switch is to be performed. 
19 

20 11. The method of claim 1, wherein the SU certificate comprises a time 

21 stamp or another certificate identification stamp. 
22 

23 12. The method of claim 11, wherein the step of checking comprises 

24 verifying that the certificate is not outdated or has not been used before, by 

25 means of the time stamp or the certificate identification stamp. 
26 

27 13. A computer program product including program code for providing a 

28 switch user functionality in a server-agent environment in an information 

29 technological (IT) network in which at least one agent runs on a node of the IT 
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1 network, said program code for: 

2 generating a switch user (SU) certificate using public-key cryptography 

3 upon receipt of a request to switch from a user account presently used on the 

4 agent to another user account; 

5 sending the SU certificate to the agent; 

6 checking the correctness of the SU certificate; 

7 performing the requested switch to the other user account provided that 

8 the SU certificate is correct. 
9 

10 14 The computer program product of claim 13, wherein the server-agent 

11 environment comprises a network management server and wherein the agent is 

12 management agent running on a managed node. 
13 

14 15. The computer program product of claim 13, wherein the SU certificate 

15 is generated by a designated server. 
16 

17 16. The computer program product of claim 13, wherein the agent 

18 forwards the received SU certificate to a domain controller which checks the 

19 correctness of the SU certificate and allows the agent to perform the requested 

20 switch user. 
21 

22 17. The computer program product of claim 13, wherein a private and 

23 public key pair is generated before an SU certificate is generated for the first 

24 time. 
25 

26 18. The computer program product of claim 17, wherein the public key is 

27 made public within the network or within a domain of the network in which the 

28 correctness of the SU certificate is checked. 



29 
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1 19. The computer program product of claim 17, wherein the generation of 

2 the SU certificate comprises signing an SU document with the private key and 

3 wherein the checking of the SU certificate comprises verifying the signature with 

4 the public key. 
5 

6 20. The computer program product of claim 13, wherein the step of 

7 checking the correctness of the SU certificate comprises verifying that the SU 

8 certificate originates from a designated server and has not been modified. 
9 

10 21 . The computer program product of claim 13, wherein the SU certificate 

11 contains no password relating to the account to which the switch is to be 

12 performed. 
13 

14 22. The computer program product of claim 13, wherein the SU certificate 

15 comprises the account name to which the account is to be switched and an 

16 identification of the node for which the switch is to be performed. 
17 

18 23. The computer program product of claim 13, wherein the SU certificate 

19 comprises a time stamp or another certificate identification stamp. 
20 

21 24. The computer program product of claim 23, wherein the step of 

22 checking comprises verifying that the certificate is not outdated or has not been 

23 used before, by means of the time stamp or the certificate identification stamp. 
24 

25 25. A system for managing objects in an information technological (IT) 

26 network having a network management server and at least one management 

27 agent which runs on a managed node of the IT network, said system provides a 

28 switch user functionality and comprises: 

29 an SU certificate generation component which uses public-key 
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1 cryptography; 

2 an SU certificate sending component which sends the certificate to the 

3 agent; 

4 an SU certificate checking component; 

5 a user account switching component performing the requested switch 

6 provided that the SU certificate is correct. 
7 

8 26. The system of claim 25, wherein the SU certificate generation 

9 component is a part of the management server. 
10 

11 27. The system of claim 25, wherein the SU certificate checking 

12 component is a part of a domain controller. 
13 

14 28. The system of claim 25, further comprising a public key publication 

15 component. 
16 

17 29. The system of claim 28, wherein the SU certificate generation 

18 component comprises an digital-signature component which signs an SU 

19 document with a private key corresponding to the public key and wherein the 

20 SU certificate checking component comprises a signature verification 

21 component. 
22 



